search

kartikdedhia / Riches

0 stars 2 forks source link

CX Command_Injection @ riches/pages/content/oper/Newsletter.jsp [master] #11

Open kartikdedhia opened 5 years ago

kartikdedhia commented 5 years ago

Command_Injection issue exists @ riches/pages/content/oper/Newsletter.jsp in branch master

The application's sendMail method calls an OS (shell) command with exec, at line 53 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\oper\SendNewsletter.java, using an untrusted string with the command to execute.   This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the size="50"/></td></tr></table> method, at line 18 of riches\pages\content\oper\Newsletter.jsp.

Severity: High CWE:77 Checkmarx Lines: 18 25

Code (Line #18):

                            <table cellpadding="0" cellspacing="0"><tr ><td style="border:0px" width="50px"><strong>Subject:</strong></td><td style="border:0px"><s:textfield label="Subject" name="subject" size="50"/></td></tr></table>

Code (Line #25):

                                        <td colspan="2" align="left"><s:textarea label="Body" name="body" cols="114" rows="12"/></td>
kartikdedhia commented 4 years ago

Issue still exists.

kartikdedhia commented 4 years ago

Issue still exists.